Commits · a3c07f6e1f2fd021bf4834578c9b54bdfaca58a7 · TeDomum / Nextcloud

Dec 28, 2020
- Add whitelist for apps inside of the server repo · 2d932b6b
  Julius Härtl authored 4 years ago
  
  Signed-off-by: Julius Härtl <jus@bitgrid.net>
  2d932b6b
Dec 09, 2020
- Suppress psalm warnings about app classes · 8286f46a
  Julius Härtl authored 4 years ago
  
  Signed-off-by: Julius Härtl <jus@bitgrid.net>
  8286f46a
Nov 20, 2020

Add Psalm Taint Flow Analysis · 47ac8e00

Lukas Reschke authored 4 years ago

This adds the Psalm Security Analysis, as described at
https://psalm.dev/docs/security_analysis/

It also adds a plugin for adding input into AppFramework.

The results can be viewed in the GitHub Security tab at
https://github.com/nextcloud/server/security/code-scanning

**Q&A:**

Q: Why do you not use the shipped Psalm version?
A: I do a lot of changes to the Psalm Taint behaviour. Using released
versions is not gonna get us the results we want.

Q: How do I improve false positives?
A: https://psalm.dev/docs/security_analysis/avoiding_false_positives/

Q: How do I add custom sources?
A: https://psalm.dev/docs/security_analysis/custom_taint_sources/



Q: We should run this on apps!
A: Yes.

Q: What will change in Psalm?
A: Quite some of the PHP core functions are not yet marked to propagate
the taint. This leads to results where the taint flow is lost. That's
something that I am currently working on.

Q: Why is the plugin MIT licensed?
A: Because its the first of its kind (based on GitHub Code Search) and
I want other people to copy it if they want to. Security is for all :)

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

47ac8e00

Oct 23, 2020

LDAP simplify User_Proxy and Group_Proxy signatures · 86e5e7d9

Arthur Schiwon authored 4 years ago


- make User_Proxy and Group_Proxy easy to instantiate
- simplify dependent code
- move commands to info.xml
- make UpdateGroups job class non-static

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

86e5e7d9

Aug 18, 2020
- Add stubs for gd, intl, IntlChar, ldap, redis_cluster and xsl · b70792aa
  Morris Jobke authored 4 years ago
  
  Signed-off-by: Morris Jobke <hey@morrisjobke.de>
  b70792aa
- Add psalm baseline · 4efca69f
  Morris Jobke authored 4 years ago
  
  Signed-off-by: Morris Jobke <hey@morrisjobke.de>
  4efca69f
- Suppress warning for template functions. · 8d18f0a7
  Daniel Kesselberg authored 4 years ago
  
  https://github.com/nextcloud/server/blob/6e8e34fef920a073118c22111f0f31eb3b3a91dc/lib/private/legacy/template/functions.php Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
  8d18f0a7
- Fix variable name for referenced variable. · 90aa4514
  Daniel Kesselberg authored 4 years ago
  
  Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
  90aa4514
- Supress UndefinedGlobalVariable for register_command.php · fe3a6284
  Daniel Kesselberg authored 4 years ago
  
  Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
  fe3a6284
- Remove directory/file element. · 568e1f6d
  Daniel Kesselberg authored 4 years ago
  
  It will suppress any error of that kind in the file. That was not intended. Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
  568e1f6d
- Suppress warning for $_ and $l · 238f181d
  Daniel Kesselberg authored 4 years ago
  
  Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
  238f181d
- Fix: UndefinedFunction Function x does not exist in templates · dd721fc5
  Daniel Kesselberg authored 4 years ago
  
  Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
  dd721fc5
- Add template functions · fd6cdbcb
  Daniel Kesselberg authored 4 years ago
  
  for some reason they are not loaded by default. Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
  fd6cdbcb
- Add stubs for phpseclib · 8b3b5ae5
  Daniel Kesselberg authored 4 years ago
  
  Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
  8b3b5ae5
- Hello psalm · 7257793f
  Daniel Kesselberg authored 4 years ago
  
  Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
  7257793f